#!/bin/sh
#create by LiHong
#mail: lh83mail@126.com
#############################################################
# 使用前请修改脚本里变量的值
#############################################################
cat <<EOF
+------------------------------------------------------------------------------+
|                            init linux system                                 |
+------------------------------------------------------------------------------+
EOF

###################################################
### Variables
###################################################
# NTP 时钟同步服务器ip
TIME_SERVER='time.windows.com'

#set NTP
echo "* 0,5,10,15,20 * * * /user/sbin/ntpupdate $TIME_SERVER > /dev/null 2 >&1" >> /etc/crontab
service crond restart

#set ulimit
echo "ulimit -SHn 65535" >> /etc/rc.local

#set sysctl
###################################################
#--todo memory turning
#net.ipv4.tcp_rmem = 4096        87380   629145
#net.ipv4.tcp_wmem = 4096        16384   4194304
#net.ipv4.tcp_mem = 185355       247141  370710
#net.core.wmem_default = 212992
#net.core.wmem_max = 212992
#net.core.rmem_default = 212992
#net.core.rmem_max = 212992
####################################################
true > /etc/sysctl.conf
cat >> /etc/sysctl.conf <<EOF
kernel.core_uses_pid = 1
kernel.msgmax = 65536
kernel.msgmnb = 65536
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024    65535
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
EOF
/sbin/sysctl -p
echo "sysctl setup finished"

#disable selinux
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
setenforce 0
echo 'selinux disabled, you must reboot'

#disable firewal
chkconfig iptables off
service iptables stop
echo 'iptables service disabled'

